Blog

Over the years, most hospital IT teams have developed their own HL7 test messages and logs, which they use over and over again for system testing and interface validation. These logs may not be 100% accurate for the task at hand but hey, they’re good enough, right?

Not really.

“Good-enough” logs don’t contain the latest lab codes. “Good-enough” logs with just 10 or 20 or even 50 patients don’t contain the volume you need for load and performance testing. “Good-enough” logs miss out on message workflow problems that can bring down interfaces.

What hospital IT teams and their vendor partners need are better test logs. Test messages and logs need to reflect a hospital’s IT environment: their own ADT message flow, their specific lab codes, and their case mix.

There’s a way to generate test logs quickly and effectively: use production data and remove the HIPAA identifiers.

By de-identifying production data, you get test messages that are 100% representative of the hospital environment (because you’ve just done a “hot” extraction).

When you de-identify messages, here is a list of capabilities you want to ensure you have:

First and foremost, be absolutely sure to remove the 18 identifiers designated by HIPAA as protected health information (PHI).

Keep the message flow. If “John Doe” in your production data becomes “Michael Smith” in your test log, ensure that Michael Smith in your A01 admission message is the same Michael Smith upon discharge.

Cover data in z-segments. PHI can hide in z-segments.

Log volume. Have at least a week’s worth of messages. A few months would be even better. One HIT vendor we worked with de-identified 12GB of data, which represented 3 months of hospital data, for their development environment.

Traceability. Keep records of which data was de-identified and which fields and data types were transformed.

How have you dealt with HL7 test messages? Let us know in the comments.